diff options
Diffstat (limited to '.github/workflows/build-extra.yml')
-rw-r--r-- | .github/workflows/build-extra.yml | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 0a9628d31..a36997838 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -54,12 +54,16 @@ jobs: | |||
54 | runs-on: ubuntu-22.04 | 54 | runs-on: ubuntu-22.04 |
55 | steps: | 55 | steps: |
56 | - name: Harden Runner | 56 | - name: Harden Runner |
57 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 | 57 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 |
58 | with: | 58 | with: |
59 | egress-policy: block | 59 | egress-policy: block |
60 | allowed-endpoints: > | 60 | allowed-endpoints: > |
61 | archive.ubuntu.com:80 | ||
61 | azure.archive.ubuntu.com:80 | 62 | azure.archive.ubuntu.com:80 |
62 | github.com:443 | 63 | github.com:443 |
64 | packages.microsoft.com:443 | ||
65 | ppa.launchpadcontent.net:443 | ||
66 | security.ubuntu.com:80 | ||
63 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 67 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
64 | - name: update package information | 68 | - name: update package information |
65 | run: sudo apt-get update -qy | 69 | run: sudo apt-get update -qy |
@@ -84,12 +88,16 @@ jobs: | |||
84 | runs-on: ubuntu-22.04 | 88 | runs-on: ubuntu-22.04 |
85 | steps: | 89 | steps: |
86 | - name: Harden Runner | 90 | - name: Harden Runner |
87 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 | 91 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 |
88 | with: | 92 | with: |
89 | egress-policy: block | 93 | egress-policy: block |
90 | allowed-endpoints: > | 94 | allowed-endpoints: > |
95 | archive.ubuntu.com:80 | ||
91 | azure.archive.ubuntu.com:80 | 96 | azure.archive.ubuntu.com:80 |
92 | github.com:443 | 97 | github.com:443 |
98 | packages.microsoft.com:443 | ||
99 | ppa.launchpadcontent.net:443 | ||
100 | security.ubuntu.com:80 | ||
93 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 101 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
94 | - name: update package information | 102 | - name: update package information |
95 | run: sudo apt-get update -qy | 103 | run: sudo apt-get update -qy |
@@ -110,12 +118,16 @@ jobs: | |||
110 | runs-on: ubuntu-22.04 | 118 | runs-on: ubuntu-22.04 |
111 | steps: | 119 | steps: |
112 | - name: Harden Runner | 120 | - name: Harden Runner |
113 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 | 121 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 |
114 | with: | 122 | with: |
115 | egress-policy: block | 123 | egress-policy: block |
116 | allowed-endpoints: > | 124 | allowed-endpoints: > |
125 | archive.ubuntu.com:80 | ||
117 | azure.archive.ubuntu.com:80 | 126 | azure.archive.ubuntu.com:80 |
118 | github.com:443 | 127 | github.com:443 |
128 | packages.microsoft.com:443 | ||
129 | ppa.launchpadcontent.net:443 | ||
130 | security.ubuntu.com:80 | ||
119 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 131 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
120 | - name: update package information | 132 | - name: update package information |
121 | run: sudo apt-get update -qy | 133 | run: sudo apt-get update -qy |
@@ -132,12 +144,17 @@ jobs: | |||
132 | runs-on: ubuntu-20.04 | 144 | runs-on: ubuntu-20.04 |
133 | steps: | 145 | steps: |
134 | - name: Harden Runner | 146 | - name: Harden Runner |
135 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 | 147 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 |
136 | with: | 148 | with: |
137 | egress-policy: block | 149 | egress-policy: block |
138 | allowed-endpoints: > | 150 | allowed-endpoints: > |
151 | archive.ubuntu.com:80 | ||
139 | azure.archive.ubuntu.com:80 | 152 | azure.archive.ubuntu.com:80 |
140 | github.com:443 | 153 | github.com:443 |
154 | packages.microsoft.com:443 | ||
155 | ppa.launchpad.net:80 | ||
156 | ppa.launchpadcontent.net:443 | ||
157 | security.ubuntu.com:80 | ||
141 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 158 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
142 | - name: update package information | 159 | - name: update package information |
143 | run: sudo apt-get update -qy | 160 | run: sudo apt-get update -qy |
@@ -150,12 +167,16 @@ jobs: | |||
150 | runs-on: ubuntu-22.04 | 167 | runs-on: ubuntu-22.04 |
151 | steps: | 168 | steps: |
152 | - name: Harden Runner | 169 | - name: Harden Runner |
153 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 | 170 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 |
154 | with: | 171 | with: |
155 | egress-policy: block | 172 | egress-policy: block |
156 | allowed-endpoints: > | 173 | allowed-endpoints: > |
174 | archive.ubuntu.com:80 | ||
157 | azure.archive.ubuntu.com:80 | 175 | azure.archive.ubuntu.com:80 |
158 | github.com:443 | 176 | github.com:443 |
177 | packages.microsoft.com:443 | ||
178 | ppa.launchpadcontent.net:443 | ||
179 | security.ubuntu.com:80 | ||
159 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 180 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
160 | - name: update package information | 181 | - name: update package information |
161 | run: sudo apt-get update -qy | 182 | run: sudo apt-get update -qy |